CISA IT Program Auditor

This role conducts evaluations of an IT program or its individual components to determine compliance with published standards, Federal government laws, regulations, and requirements.

Personnel performing this work role may unofficially or alternatively be called:

  • Information Assurance (IA) Auditor
  • IA Compliance Manager
  • IA Officer
  • Quality Assurance (QA) Specialist
  • Security Control Assessor
  • Validator

Skill Community: Cross Functional
Category: Govern and Oversee
Specialty Area: Program/Project Management and Acquisition
Work Role Code: 805

Core Tasks

  • Develop methods to monitor and measure risk, compliance, and assurance efforts. (T0072)
  • Provide recommendations for possible improvements and upgrades. (T0208)
  • Review or conduct audits of information technology (IT) programs and projects. (T0223)
  • Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up. (T0389)
  • Conduct import/export reviews for acquiring systems and software. (T0412)

Core Competencies

  • Data Analysis
  • Risk Management
  • Information Technology Assessment

Core Knowledge, Skills, Abilities (KSAs)

  • Knowledge of industry-standard and organizationally accepted analysis principles and methods. (K0043)
  • Knowledge of Risk Management Framework (RMF) requirements. (K0048)
  • Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system. (S0038)
  • Skill in conducting audits or reviews of technical systems. (S0085)

Join the Mission

CISA is always searching for diverse, talented, and highly motivated professionals to continue its mission of securing the nation’s critical infrastructure. CISA is more than a great place to work; our workforce tackles the risks and threats that matter most to the nation, our families, and communities.

To join this mission, visit USAJOBs and/or the DHS Cybersecurity Service to view job announcements and to access the application. Be sure to tailor your resume to the specific job announcement, attach relevant documents, and complete all required assessments. 

When applying for CISA’s cyber positions, please review CISA’s cyber roles above and update your resume to align your experience with the listed competencies. Your resume must also show demonstrated cyber/IT related experience in:

  • Attention to Detail
  • Customer Service
  • Oral Communication
  • Problem Solving

To receive email notifications when new CISA positions are announced, set up a “saved search” on USAJOBs with keyword “Cybersecurity and Infrastructure Security Agency.

Individuals eligible for special hiring authorities may also be considered during CISA’s one-stop hiring events or by emailing or

Was this webpage helpful?  Yes  |  Somewhat  |  No